Trojan APT hits DoD smart cards
A variant of the Sykipot Trojan Horse is able to hijack U.S. Dept. of Defense (DoD) smart cards in order to access restricted resources.
A variant of the Sykipot Trojan Horse is able to hijack U.S. Dept. of Defense (DoD) smart cards in order to access restricted resources.
“We recently discovered a variant of Sykipot with some new, interesting features that allow it to effectively hijack DoD and Windows smart cards,” said Jaime Blasco, a security researcher at AlienVault. “This variant, which appears to have been compiled in March 2011, has been seen in dozens of attack samples from the past year.”
Smart cards interface with computers through a special reader. They use digital certificates and PIN codes for authentication purposes.
Sykipot commonly sees use in advanced persistent threat (APT) attacks. The Sykipot variant analyzed by AlienVault contains several commands to capture smart card information and use it to access secure resources, Blasco said.
One of the variant’s routines works with ActivIdentity ActivClient, an authentication software product compliant with DoD’s Common Access Card (CAC) specification.
The CAC enables access to DoD computers, networks, and certain facilities. It allows users to encrypt and digitally sign emails and it facilitates the use of public key infrastructure (PKI) for authentication purposes.
This Sykipot variant reads the smart card certificates registered on the victim’s computer, steals the card’s PIN number using a keylogger module and uses the information to log into protected resources, as long as the card remains inside the reader, Blasco said. In essence, it becomes a smart card proxy.
“While Trojans that have targeted smart cards are not new, there is obvious significance to the targeting of a particular smart card system in wide deployment by the U.S. DoD and other government agencies, particularly given the nature of the information the attackers seem to be targeting for exfiltration,” Blasco said.
Sykipot went out last month as part of an APT attack against companies from the telecommunications, manufacturing, computer hardware, chemical and defense industries. According to AlienVault, the Trojan’s main command and control servers are in China, although its creators will sometime use U.S.-based servers to route the stolen information in order to avoid detection.
- Related News:
Answers about industrial Ethernet - 01.09.2011 03:44- Cover story: Giving your plant a cyber health checkup - 18.07.2011 08:55
- When updating your computer security, why patch? - 01.01.2010 07:00
Case Study Database
Get more exposure for your case study by uploading it to the Plant Engineering case study database, where end-users can identify relevant solutions and explore what the experts are doing to effectively implement a variety of technology and productivity related projects.
These case studies provide examples of how knowledgeable solution providers have used technology, processes and people to create effective and successful implementations in real-world situations. Case studies can be completed by filling out a simple online form where you can outline the project title, abstract, and full story in 1500 words or less; upload photos, videos and a logo.
Click here to visit the Case Study Database and upload your case study.
2012 Salary Survey
In a year when manufacturing continued to lead the economic rebound, it makes sense that plant manager bonuses rebounded. Plant Engineering’s annual Salary Survey shows both wages and bonuses rose in 2012 after a retreat the year before.
Average salary across all job titles for plant floor management rose 3.5% to $95,446, and bonus compensation jumped to $15,162, a 4.2% increase from the 2010 level and double the 2011 total, which showed a sharp drop in bonus.